Created
February 8, 2011 16:42
personal stuff removed
<?php
/*
 * Author: <xxxx>@uni-konstanz.de
 * Version: 20080915
 */
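/**
 * Authenticates a user against the LDAP directory with a simple bind and then
 * checks that the user's own entry carries eduPersonAffiliation=member.
 *
 * The check runs once, in the constructor; the outcome is read via authed().
 * Every failure path leaves the object in the "not authenticated" state.
 */
class LDAP {
    /** @var bool True only after a successful bind AND a positive membership check. */
    public $authed = false;

    /**
     * Auth a username and a password against the ldap service.
     *
     * @param string|false $username [optional] value placed in the cn= RDN
     * @param string|false $password [optional] password for the simple bind
     */
    public function __construct($username=false, $password=false)
    {
        $this->authed = false;

        // Fail closed on missing credentials. Rejecting an empty password is
        // security-relevant: a simple bind with a DN and an empty password is an
        // "unauthenticated bind", which many servers answer with success.
        if (!is_scalar($username) || !is_scalar($password)) {
            return;
        }
        $username = (string) $username;
        $password = (string) $password;
        if ($username === '' || $password === '') {
            return;
        }

        // URL of the OpenLDAP based directory service of the RZ (LDAP over TLS).
        // NOTE(review): certificate verification depends on the host's LDAP
        // client TLS configuration; confirm it is enforced on this machine.
        $ldapsrv = "ldaps://ldap-******1.uni-****.de";

        $ds = ldap_connect($ldapsrv);
        if (!$ds) {
            // Log rather than echo: the directory host name is internal detail
            // and must not be written into the response sent to the client.
            error_log("Connection to directory service $ldapsrv failed");
            return;
        }

        // LDAP_OPT_DEBUG_LEVEL is deliberately not set: library tracing is a
        // debugging aid and does not belong in the authentication path.
        ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

        // Container where all user data is stored.
        $dn = "ou=people,o=universitaet konstanz,c=de";

        // The user name is untrusted input. Escape it for DN context so that
        // characters such as ',', '+', '=' or '\' cannot alter the bind DN.
        $rdn = "cn=" . ldap_escape($username, '', LDAP_ESCAPE_DN) . ",$dn";

        // Authentication: a successful simple bind proves the password.
        if (!ldap_bind($ds, $rdn, $password)) {
            ldap_close($ds);
            return;
        }

        // Authorization: read ONLY the bound user's own entry and require that
        // it matches the filter. A subtree search over the whole container
        // returns a truthy result whenever the query itself succeeds, even
        // with zero entries or with other people's entries, so it cannot be
        // used as a membership test.
        // NOTE(review): confirm the directory ACLs let a user read
        // eduPersonAffiliation on their own entry.
        $filter = "(eduPersonAffiliation=member)";
        $sr = ldap_read($ds, $rdn, $filter, array('1.1'));
        $isMember = ($sr !== false) && ldap_count_entries($ds, $sr) === 1;

        // Close the connection on every path once the directory work is done.
        ldap_close($ds);

        $this->authed = $isMember;
    }

    /**
     * @return bool whether the credentials given to the constructor were
     *              accepted and the membership check passed
     */
    public function authed()
    {
        return $this->authed;
    }
}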
?>